Biz & IT —

Comcast to provide wholesale IPv6 service

Cable operator Comcast announced that it will provide IPv6 service to its …

At the 46th North American Network Operators Group (NANOG) meeting in Philadelphia last week, cable operator Comcast announced it was making IPv6 available to wholesale customers that connect to its fiber network. The most remarkable part here is what it's not doing: making IPv6 available to its cable Internet customers. The first steps in this area are slated for 2010.

When speaking at the NANOG meeting, Comcast's John Jason Brzozowski talked about the large number of issues with rolling out IPv6 over their broadband infrastructure. One is that, without content available through IPv6, consumer interest in IPv6 may atrophy, so the move to make IPv6 available to wholesale (Web hosting) customers now makes a lot of sense. When it comes to wholesale users, Netflix didn't see many issues with consumer IPv6 readiness, but is unhappy about the state of IPv6 in content distribution networks. That may come down to its choice of CDN; Limelight is already there.

Two years ago, we wrote about how we could run out of IPv4 addresses by 2010. These predictions, however, assumed that we'd use more and more new IPv4 addresses every year, which hasn't really happened. Twenty-five months ago, there were 48 blocks of 16.78 million IPv4 addresses in the IANA global pool and the equivalent of another 24 blocks being held by the five Regional Internet Registries (RIRs), leaving a total of 72 (1208 million addresses). Today, there's 30 and 21, adding up to 51 blocks (855 million addresses). So we used less than one block a month, virtually the same rate as the two years prior. At this rate, it seems unlikely that we'll run out of IPv4 addresses within less than three years or so.

In an ideal world, we'd use those years to enable IPv6 (see Everything you need to know about IPv6) and smoothly transition from one protocol to the other. This would require two steps: enabling IPv6 and disabling IPv4. Starting with Windows XP, all operating systems have been capable of sending and receiving IPv6 packets over ethernet and WiFi (dial-up modem, not so much). The big routers in the core of the Internet can also run IPv6, so the only thing standing in the way, quite literally, are home routers and the service provider's broadband infrastructure.

The difficulty here is that the ISP-home router connection requires authentication mechanisms and a way to delegate IP addresses. That's right: plural. With IPv4, it's normal to share a single IP address among multiple computers and other devices in the home. But the point of IPv6 is that there is no address scarcity, so it's possible to use a much cleaner approach, where every bit of hardware has its own individual address.

This obviously requires a more complex system to obtain addresses from the ISP. The protocols to do this are available, but not the operational guidelines on how to use them in such a way that everything works together seamlessly. All of this is now (belatedly) being sorted out in the IETF, so hopefully it will be possible to run IPv6 over a broadband line without requiring home users to manage a complex configuration in the near future.

Unfortunately, the hard part will then begin: getting rid of IPv4. Running IPv6 and IPv4 side by side requires just as many IPv4 addresses as just running IPv4, so it doesn't solve anything. Users with a recent operating system who are willing to forego software and devices that don't work with IPv6 (a list that currently includes Skype and the iPhone) may be able to use IPv6-only connectivity, providing there is some kind of translation service in place that allows them to connect to servers that are still IPv4-only.

But it looks like ISPs won't realistically be able to provide IPv6-only service for some time to come, as there is simply too much IPv4-only hard- and software out there. So it looks like, once we're out of IPv4 addresses, ISPs will need to put several users behind a single IP address using Network Address Translation (NAT). Today, most users are already behind NAT, but the NAT is provided by the home router.

One of the big issues with the NAT service is that it doesn't know where to send unsolicited incoming packets (some consider this a security feature). This can usually be fixed with some manual configuration of a home router or with local protocols such as UPnP or NAT-PMP. These solutions don't work with NAT performed at the ISP level, so applications that require unsolicited incoming packets—these include peer-to-peer applications such as VoIP and BitTorrent, as well as services like Back To My Mac—will start breaking once this process starts.

ISPs probably can't avoid putting their customers behind NAT at some point, and that will require investments in new hardware—the question is whether ISPs will be able to justify simultaneous investments to provide IPv6 service over broadband. The best we can hope for is that they'll manage to do both, since we're probably going to need to keep legacy IPv4-only hardware and software limping along.

Iljitsch van Beijnum
Iljitsch is a contributing writer at Ars Technica, where he contributes articles about network protocols as well as Apple topics. He is currently finishing his Ph.D work at the telematics department at Universidad Carlos III de Madrid (UC3M) in Spain. Emaililjitsch.vanbeijnum@arstechnica.com//Twitter@iljitsch